You don't have permission to access...

Hi, I'm getting an error that I generally understand in a situation that makes no sense to me. I was hoping for some direction - to see if anyone had any ideas.

I have a profile page users can edit. When they do it uses user_action.php to commit those changes to the database.

When users submit changes from the profile page it works fine, but when I'm logged in, I get the following error message.

Forbidden
You don't have permission to access /member/user_action.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at www.thehonorsquad.com Port 80

How does this make sense? It suggests that the error is at the file level, but if that was the case I'd expect every single user would have the issue.

I wonder if somehow my host is blocking me in some way. Could that be it?

When it said /member/user_action.php, it means that it is at root domain level. Would you make sure that the environment you are working on is correct (i.e. localhost v. production_domain.com)? Also, the 404 happens when the target landing URL page does not exists. This could be physical file or a generated page. It depends on your set up.

The file exists and can be accessed by anyone but me. When I'm logged in, if I submit the form, it calls the user_action.php and fails, but when someone else does it, it works.

This defies logic.

I contacted my host and they said they whitelisted my account as it was triggering some rule on their side, but it still occurs. I have a feeling it's on the host's side somehow as nothing else makes sense.

OK. So you the admin of the site? Could you provide the user verification & handling unauthorized portion of the script in user_action.php? You could simply change all variable names if you don't want to disclose all of it (and omit any irrelevant part).

Thanks for your help. This turned out to be on the host level. Somehow I was flagged for some security reason - some rule they had - and that's why it affected me specifically. This was unrelated to code.